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1 DETAILED ACTION 

2 

3 This action is in response to tine communication filed on 10/23/07. 

4 All objections and rejections not set forth below have been withdrawn. 

5 Claims 1 -17, 20, 22 - 34 are pending. 
6 

7 Claim Rejections - 35 USC § 103 

8 

9 The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

10 obviousness rejections set forth in this Office action: 

11 (a) A patent may not be obtained though the invention is not identically disclosed or described as set 

1 2 forth in section 102 of this title, if the differences between the subject matter sought to be patented and 

1 3 the phor art are such that the subject matter as a whole would have been obvious at the time the 

1 4 invention was made to a person having ordinary skill in the art to which said subject matter pertains. 

1 5 Patentability shall not be negatived by the manner in which the invention was made. 
16 

17 Claims 1-10 and 12 - 34 rejected under 35 U.S.C. 103(a) as being 

18 unpatentable over Bates et al. (Bates), U.S. Patent 6,721,721 B1 in view of 

19 Hericourt et al. (Hericourt), U.S. Patent 7,099,916. 

20 

21 Regarding claim 1 , Bates et al. discloses: 

22 entering a first computer virus status mode in response to a first computer virus 

23 outbreak report indicating a virus attack threat to a computer network (Bates et a!., col. 

24 1 , lines 13-52). Bates et al. reports the outbreak of new and more sophisticated viruses, 

25 and in response, the system of Bates et al. is employed for the purpose of protecting 

26 against these outbreaks. 
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1 computing a first computer virus alert time corresponding to entry into tiie first 

2 computer virus status mode (Bates et al., fig. 7, elem. 214; col. 7, lines 20-35). Herein, 

3 Bates et al. discloses a method for accessing computer content on a local machine or 

4 on a network. Content is filtered based upon a generated virus alert time, a rule derived 

5 from relative time parameters (criterion) entered (via computer means, "computing") by 

6 a user in a virus status mode. The relative time parameters (i.e. "virus found in last 7 

7 days", "not checked in last 14 days") are processed ("computing") into a rule, which is 

8 then utilized by the system to compare with the timestamps of content and make 

9 determinations of trustworthiness (Bates et al., col. 11, lines 1 2-24; col. 1 3, lines 22-34; 

10 col. 17, lines 35-49; col. 18, lines 22-30). 

1 1 comparing a time stamp of a executable computer code.. . with the first computer 

12 virus alert time (Bates et al., col. 9, line 65 - col. 10, line 3; col. 1 1 , lines 12-24; col. 12, 

13 lines 59-62); 

1 4 and determining the executability of the computer content in response to the 

15 result of the comparing step (Bates et al., col. 9, line 56 - col. 10, line 8; col. 1 1 , lines 

16 12-24). Bates et al. discloses that in response to a comparison, a determination of 

17 computer content executability is performed. 

1 8 Bates discloses that a time stamp of the executable code corresponds, inter alia, 

19 to the time the code was virus scanned. However, Bates does not explicitly disclose 

20 that a time stamp of the executable computer code corresponds to an execution time of 

21 the computer code. 



Application/Control Number: 10/046,496 Page 4 



Art Unit: 2137 

1 Hericourt teaches that virus scanning of executable code comprises an execution 

2 ofthe code (3:25-54). 

3 It would have been obvious to one of ordinary skill in the art to recognize 



4 teachings of Hericourt within the system of Bates. This would have been obvious 

5 because one of ordinary skill in the art would have been motivated by the general 

6 teachings of Bates for virus scanning and the teachings of Hericourt for the effective 

7 accomplishment of such. 



8 Thus, the combination enables: 

9 . . .corresponding to an earliest moment the computer code was allowed to 

1 0 execute on a computer coupled to the computer network (Hehcourt, 3:25-54) Herein the 

1 1 combination enables for the timestamp of scanned code to correspond to an "execution 

12 time". As admitted by the applicant, one of ordinary skill in the art recognizes that this 

13 "execution time" is subsequently followed by a plurality of executions of the software 

14 (Remarks, 4/1 1/08, pg. 14). Thus, it is noted that this time-stamped execution within 

1 5 such a sequence of later executions corresponds to "an earliest" or "a first" time within 

16 that sequence. 

1 7 Furthermore, the combination enables for execution "on a computer coupled to 

1 8 the computer network" (Bates, fig . 1 ). 
19 

20 Regarding claim 2, the combination enables: 
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1 receiving a first access control time based on the first virus outbreak report 

2 (Bates et al., fig. 7, elem. 214). Tine system of Bates et al. tal<es human input and 

3 "automatically" generates computer readable parameters. 

4 and converting the first access control time into the first virus alert time (Bates et 



5 al., fig. 7, elem. 214; col. 12, lines 59-62). A "prior point in time" ("virus alert time") is 

6 derived from the period of time specified by element 214 ("access control time") and is 

7 compared to the timestamp of the file. 
8 

9 Regarding claim 3, the combination enables: 

1 0 wherein the first access control time is a relative time stamp (Bates et al., fig. 7, 

1 1 elem. 214; col. 12, lines 59-62). A "prior point in time" ("virus alert time") is derived from 

12 the period of time specified by element 214 ("access control time") and is relative in 

13 time. 
14 



15 Regarding claim 4, the combination enables: 

1 6 wherein the first access control time is a pre-determined time period for access 

17 control under the first computer virus status mode (Bates et al., fig. 7, elem. 214). The 

18 access control time is pre-determined by the user. 
19 

20 Regarding claim 5, the combination enables: 

21 determining the presence of a value representing the computer content in a 

22 memory table of executable computer content (Bates et al., col. 7, lines 1 2-34). 
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1 

2 Regarding claim 6, the combination enables: 

3 wherein the computer content is not executed when the value representing the 

4 computer content is not present in the memory table of executable computer content 

5 (Bates et al., col. 11, lines 11-24; col. 3, lines 24-27). As disclosed by Bates et al., 

6 content not present in the memory table of executable computer content is flagged as 

7 untrustworthy. The invention as disclosed by Bates et al. is configurable to eliminate 

8 untrustworthy computer content from the list of accessible content, thus not providing 

9 access to the content for execution. 
10 



1 1 Regarding claim 7, the combination enables: 

1 2 wherein the value is a hash value of the computer content (Bates et al., col. 1 2, 

13 lines 55-58). 
14 

15 Regarding claim 8, the combination enables: 

1 6 wherein the computer content is determined to be executable only when the 



1 7 computer content is time stamped prior to the first computer virus alert time (Bates et 

18 al., col. 13, lines 42-59; col. 3, lines 24-27). Computer content that is time stamped 

1 9 prior to the first computer virus alert time is branded as trustworthy. Thus, the content 

20 would not be subjected to denial of access for execution. 
21 

22 Regarding claim 9, the combination enables: 
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1 entering types of computer codes that should be blocked from execution in 

2 response to the first computer virus outbreak report (Bates et al., col. 9, line 62 - col. 

3 10, line 28); 

4 and blocking execution of a computer code that belongs to the entered types of 



5 computer codes (Bates et al., col. 3, lines 24-27). The invention as disclosed by the 

6 combination is configurable to eliminate untrustworthy computer content from the list of 

7 accessible content, thus not providing access to the content for execution. 
8 

9 Regarding claim 10, the combination enables: 

1 0 generating a second virus alert time in response to a second computer virus 

1 1 outbreak report; comparing the time stamp of the computer content with the second 

1 2 computer virus alert time; determining the executability of the computer content in 

1 3 response to the result of comparing the time stamp of the computer content with the 

14 second computer virus alert time (Bates et al., col. 3, lines 5-15). The above 

15 limitations of claim 10 are essentially similar to claim 1 with the exception that they are 

16 directed to a second instance of the method of claim 1 . The combination enables for 

17 the method of claim 1 produces a set of results. Thus, the combination enables a 

1 8 secondary instance of the method of claim 1 , as a the word "set" dictates more than a 

1 9 singular occurrence of the method of claim 1 . 

20 performing antivirus processing upon the computer content (Bates et al., col. 9, 

21 lines 62-66). The combination enables the processing of computer content for the 

22 likelihood of existing viruses. 
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1 

2 Regarding claim 1 2, it is rejected, at least, for the same reasons as claim 1 , and 

3 furthermore because the combination enables: 

4 an access control console, for entering a first computer virus status mode in 

5 response to receiving a computer virus outbreak report indicating a virus attacl< threat to 

6 a computer networic and for recovering a preselected virus access control time 

7 corresponding to said virus status mode (Bates et al., fig. 1 , elem. 33; fig. 7); 

8 an anti-virus module, coupled to the access control console, configured to 



9 compute a virus alert time based on the virus access control time and to compare a time 

1 0 stamp of target computer code corresponding to an earliest moment the computer code 

1 1 was allowed to execute with the virus alert time prior to execution of the target computer 

12 content (Bates et al., fig. 1 , elem. 30; see rejections of claims 1 and 2). 

1 3 and wherein the anti-virus module is further configured to determine the 

1 4 executability of the computer content in response to comparing the time stamp of the 

1 5 target computer content with the virus alert time (Bates et al., col. 9, line 56 - col. 1 0, 

16 line 8; col. 1 1 , lines 12-24). The combination enables for in response to a comparison, 

17 a determination of computer content executability is performed. Thus the combination 

18 enables content executability determination, comprising an anti-virus module, used to 

19 determine the trustworthiness ("executability") of content. 
20 

21 Regarding claim 13, the combination enables: 
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1 a memory module for storing time stamps of the plurality of computer contents 

2 (Bates et al., fig. 1 , elem. 46); 

3 and an access control module, coupled to the access control console and to the 

4 memory module, for computing the virus alert time and for comparing the time stamp of 

5 each target computer content with the virus alert time (Bates et al., fig. 1 , elem. 42; see 

6 rejections of claims 1 and 2). 
7 



8 Regarding claim 14, the combination enables: 

9 a computer virus processing module, coupled to the access control module, for 

1 0 further processing a target computer content in order to determine the executability of 

1 1 the target computer content (Bates et al., fig. 1 , elem. 44). 
12 

13 Regarding claim 15, the combination enables: 

1 4 wherein the memory module stores a value representing each of the computer 

15 contents (Bates et al., col. 12, lines 52-65). 
16 

17 Regarding claim 16, the combination enables: 

1 8 wherein the access control module is configured to determine the presence of 

1 9 the value in the memory module as representing a target computer content (Bates et al., 

20 fig. 3). 
21 

22 Regarding claim 17, the combination enables: 
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1 wherein the value is a hash value (Bates et al., col. 12, lines 52-65). 

2 

3 Regarding claim 20, it is rejected, at least, for the same reasons as claim 1 , and 

4 furthermore because the combination enables: 

5 creating a list of time-stamped executable computer contents (Bates et al., fig. 3, 

6 elem. 92). 

7 entering a virus alert mode in response to a virus outbreak report indicating a 

8 virus attack threat to a computer network (Bates et al., fig. 2; col. 1 , lines 1 3-52). 

9 responsive to the virus alert mode, entering an access control message for 



1 0 specifying an access control rule for blocking the execution of suspicious or susceptible 

1 1 computer contents that have a time stamp corresponding to an earliest moment the 

1 2 computer file was allowed to execute, and the time-stamp is not before a computed 

1 3 virus alert time, the access control message including a first control parameter for 

14 computing the virus alert time (Bates et al., fig. 2; fig. 7; see rejections of claims 1 and 

15 2). 



1 6 receiving a request to execute a target computer content; and determining the 

1 7 executability of the target computer content based on the access control rule in the 

1 8 access control message (Bates et al., fig. 2). 
19 

20 Regarding claim 22, the combination enables: 

21 receiving the access control message; automatically converting the first control 

22 parameter into the virus alert time; comparing the time stamp of the target computer 
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1 content in the list with the virus alert time; and determining the executability of the target 

2 computer content based on the result of the comparing step (Bates et al., fig. 2, fig. 3, 

3 fig. 7; see rejections of claims 1 and 2). 
4 



5 Regarding claim 23, the combination enables: 

6 applying an anti-virus operation upon the target computer content (Bates et al., 

7 fig. 3). 
8 

9 Regarding claim 24, the combination enables: 

1 0 a second control parameter for specifying types of computer contents that should 

1 1 be subject to the access control rule (Bates et al., col. 9, line 62 - col. 1 0, line 28); 

1 2 a third control parameter for specifying an expiration time for the access control 

13 rule (Bates et al., fig. 7, elem. 217); 

1 4 and a fourth control parameter for identifying the access control message (Bates 

15 et al., fig. 2). 
16 

17 Regarding claim 25, the combination enables: 

1 8 determining validity of the access control message based on the third control 

19 parameter (Bates et al., fig. 3); 
20 

21 Regarding claim 26, the combination enables: 
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1 determining executability of the target computer content based on the second 

2 control parameter {Bates et al., col. 9, line 62 - col. 10, line 28); 
3 

4 Regarding claims 27 and 28, they are rejected for the same reasons as claims 20 



5 and 22, and further because the combination enables the usage of their system in a 

6 network of communicating computers (Bates et al., fig. 1). Communications to a user 

7 can be blocked when computer content is deemed to be untrustworthy (Bates et al., col. 

8 3, lines 24-27, col. 14, line 6 - col. 15, line 8). 
9 



10 Regarding claim 29, the combination enables: 

1 1 wherein the data communication is blocked when the target computer content is 

12 time-stamped not before the virus alert time (Bates et al., fig. 3; fig 7). 
13 

14 Regarding claim 30, it is rejected, at least, for the same reasons as claim 1 , and 

15 furthermore because the combination enables: 

1 6 a firewall module monitoring data communications initiated by a target computer 



1 7 content and sending a request to examine the data communications (Bates et a!., fig. 1 , 

18 elems.20, 30, 50). The combination enables that the system is useful in a network and 

19 it is capable of filtering trustworthy and untrustworthy computer content - thus, acting as 

20 a firewall module. 

21 an access control console, for generating an access control message specifying 

22 an access control rule for blocking data communications of the target executable 
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1 computer file that has a time stamp corresponding to an earliest moment the computer 

2 file was allowed to execute, and the time-stamp is not before a virus alert time, the 

3 access control message including a first control parameter for computing the virus alert 

4 time in response to a virus outbreak report indicating a virus attack threat to a computer 

5 network (Bates et al., fig. 7; fig. 2); 

6 and an access control module, coupled to the access control console and the 

7 firewall module, configured to receive the access control message and a request from 

8 the firewall module, and to compute the virus alert time based on the virus access 

9 control time and to determine whether the data communication should be blocked 

1 0 based on the access control rule (Bates et al., fig. 1 , elem. 44, see rejections of claims 1 

11 and 2). 
12 

13 Regarding claim 31 , it is a program and computer medium claim implementing 

14 the method claim 1 , and it is rejected for the same reasons (see also. Bates et al., fig. 

15 1). 
16 

17 Regarding claim 32, it is rejected, at least, for the same reasons as claim 1 , and 

18 furthermore because the combination enables: 

1 9 means for entering a computer virus status mode in response to a virus outbreak 

20 report indicating a virus attack threat to a computer network and for automatically 

21 recovering a preselected virus access control time (Bates et al., fig. 7); 
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1 coupled to the entering and recovering means, means for computing a virus alert 

2 time based on the virus access control time (Bates et al., fig. 1 , elems. 31 , 42, 44), 

3 and coupled to the computing virus alert time means, means for comparing a 

4 time stamp of a target computer content with the virus alert time prior to execution of the 

5 computer content (Bates et al., fig. 1 , elem. 42), 

6 and for determining the executability of the computer content in response to 



7 comparing the time stamp of the target computer content with the virus alert time (Bates 

8 etal., col. 9, line 56 -col. 10, line 8; col. 11, lines 12-24). The combination enables a 

9 determination of computer content executability is performed for determining the 
10 trustworthiness ("executability") of content. 

11 



12 Regarding claim 33, it is rejected, at least, for the same reasons as claim 1 , and 

13 furthermore because The combination enables: 

1 4 means for storing time-stamped executable computer contents (Bates et al . , f ig . 

15 1, elem. 46); 

1 6 a firewall means for monitoring data communications occurring to the executable 

17 computer contents (Bates et al., fig. 1 , elems. 44, 29, 52). 

1 8 means for entering a computer virus status mode in response to a virus outbreak 

1 9 report indicating a virus attack threat to a computer network and for automatically 

20 recovering a preselected virus access control time (Bates et al., fig. 7); 

21 coupled to the entering and recovering means, means for computing a virus alert 

22 time based on the virus access control time (Bates et al., fig. 1, elems. 31, 42, 44). 
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1 and coupled to the computing virus alert time means, the storing means, and the 

2 firewall means, means for comparing a time stamp of an executable computer content 

3 with the virus alert time to determine whether the data communication occurring to the 

4 executable computer content should be blocked (Bates et al., fig. 1 , elem. 44, 42). 
5 

6 Regarding claim 34, it comprises essentially similar limitations, and it is rejected, 

7 at least, for the same reasons as claim 1 . 
8 

9 Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over the 

10 combination of Bates et al. and Hericourt in view of Symantec, "Norton Antivirus 

11 Corporate Edition". 

12 

13 Regarding claim 1 1 , The combination enables that viruses can be found in email 



14 attachments, and that it is well known in the art for antivirus programs to have the 

15 capability for performing antivirus processing on emails and email attachments (Bates et 

16 a!., col. 1 , lines 35-63). The combination enables an antivirus program or module for 

17 performing such antivirus processing (Bates et al., fig. 1, elems. 44, 52). Bates et al., 

18 however, does not disclose the details of the antivirus processing for emails and email 

19 attachments. Specifically, Bates et al. does not disclose that the antivirus program or 

20 module removes the computer content from the E-mail body, and denies execution of 

21 the computer content. 

22 Symantec discloses an antivirus program and the details of how the program 

23 performs antivirus processing upon an email with an attachment. Symantec discloses 
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1 that the antivirus program scans content attached to an email body and removes such 

2 content if it is found to contain a virus, thus, denying execution of the content 

3 (Symantec, page 15, par. 2; page 22, "Managing Realtime Protection"). 

4 It would have been obvious for one of ordinary skill in the art to combine the 

5 details disclosed by Symantec for the antivirus processing of emails with the system of 

6 Bates et al. because the system of The combination enables an antivirus program 

7 capable of performing antivirus processing for processing of emails. 
8 

9 

1 0 Response to Arguments 

11 

12 Applicant's arguments filed 4/1 1/08 have been fully considered but they are not 

13 persuasive. 
14 

1 5 Applicants argues or assert essentially that: 

1 6 (i) There is no teaching or suggestion that a timestamp corresponds to an earliest 

1 7 moment the code is allowed to execute. 

18 ...In other words, a particular timestamp in Bates cannot be said to represent the 

1 9 "earliest" execution because there are an arbitrary number of executions that occur 

20 before and after the execution represented by the timestamp. Therefore, a person of 

21 ordinary skill in the art considering the teachings of Bates and Hericourt would not find 

22 the claimed invention obvious. (Remarks, pg. 14) 
23 
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1 In response the examiner respectfully notes the applicant's explicit admission 

2 that "there are an arbitrary number of executions that occur . . . after the execution 

3 represented by the timestamp". In fact, the examiner respectfully points out that the 

4 applicant claims as "noncontroversial" the facts noted by the examiner respecting the 

5 prior art's assumption that software is executed multiple times after scanning. 

6 Therefore, it is respectfully pointed out that if the applicant acknowledges a system 

7 wherein a sequence of software executions occur, wherein the sequence may comprise 

8 a time-stamped execution (i.e. virus scanning of the software) and a plurality of 

9 subsequent executions (i.e. execution of the software according to it's designed 

10 purpose, e.g. as a video game, calendaring application, messaging, etc.), then the 

1 1 applicant reasonably must also acknowledge that within such a sequence the time- 

12 stamped execution represents "an earliest" time of execution in comparison to the 

1 3 subsequent executions within that sequence. 
14 

1 5 Conclusion 

16 

17 The prior art made of record and not relied upon is considered pertinent to 

18 applicant's disclosure. 
19 

20 See Notice of References Cited. 

21 
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1 THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 

2 policy as set forth in 37 CFR 1 .1 36(a). 

3 A shortened statutory period for reply to this final action is set to expire THREE 

4 MONTHS from the mailing date of this action. In the event a first reply is filed within 

5 TWO MONTHS of the mailing date of this final action and the advisory action is not 

6 mailed until after the end of the THREE-MONTH shortened statutory period, then the 

7 shortened statutory period will expire on the date the advisory action is mailed, and any 

8 extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 

9 the advisory action. In no event, however, will the statutory period for reply expire later 

1 0 than SIX MONTHS from the mailing date of this final action. 

1 1 Any inquiry concerning this communication or earlier communications from the 

1 2 examiner should be directed to Jeffery Williams whose telephone number is (571 ) 272- 

13 7965. The examiner can normally be reached on 8:30-5:00. 

14 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

15 supervisor, Emmanuel Moise can be reached on (571 ) 272-3865. The fax phone 

16 number for the organization where this application or proceeding is assigned is (703) 

17 872-9306. 
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Information regarding the status of an application may be obtained from the 



2 Patent Application Information Retrieval (PAIR) system. Status information for 

3 published applications may be obtained from either Private PAIR or Public PAIR. 

4 Status information for unpublished applications is available through Private PAIR only. 

5 For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

6 you have questions on access to the Private PAIR system, contact the Electronic 

7 Business Center (EBC) at 866-21 7-91 97 (toll-free). 
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